Security Headers was created by me, Scott Helme! I'm Security Researcher and Company Founder based in the UK, and you can regularly find me writing on my blog at scotthelme.co.uk or Twitter @Scott_Helme about Cyber Security.

I built Security Headers after deploying security headers like CSP and HSTS to my own site. I wanted a quick and easy way to check if other sites were using these headers and I figured I'd turn it into a useful tool for everyone to use!


There are services out there that will analyse the HTTP response headers of other sites but I also wanted to add a rating system to the results. The HTTP response headers that this site analyses provide huge levels of protection and it's important that sites deploy them. Hopefully, by providing an easy mechanism to assess them, and further information on how to deploy missing headers, we can drive up the usage of security based headers across the Web.


The site is written in PHP using the CodeIgniter MVC framework and powered by DigitalOcean Droplets. You can use my DigitalOcean referal link to get $10 in free credit and help support this service or even consider donating! The site is free for anyone to use and is entirely funded out of my own pocket and supported by sponsors that you may see at the top of the page. If you'd like to help support it, please get in touch, or consider subscribing to our API!